1. Field of the Invention
The invention concerns a method for processing data, in particular for cryptographic processing of data, protected against attacks by generation of errors, and an associated device.
2. Description of the Related Arts
In some data processing methods, in particular in the context of cryptographic processing of data, processing algorithms use data that must remain secret (for example cryptographic keys) to ensure that the system functions with the required security.
This type of method is the target of attacks by malicious persons seeking to circumvent the security of the system.
These attacks include attacks by generating errors that disrupt the normal execution of the data processing method (generally implemented by executing a program in a microprocessor) in order to obtain on exit from the method data different from that normally expected but revealing information on secret data used in the algorithm (in contrast to what happens in the event of execution of the program without errors). To combat this type of attack complementary steps have been added (for example reiteration of calculations already effected) to verify execution without error of the data processing method, for example as described in patent applications WO 2005/088895 and WO 2006/103341.
In this type of solution, data must be stored during the supplementary operations the result of which provides for verification by comparison with the stored data; it is generally a question of storing the data obtained by the first iteration of the cryptographic calculation during the second iteration of the same calculation.
This storage can prove problematic, however, especially in the case of microcircuit cards having a fast access rewritable memory space (for example random access memory (RAM), also known as volatile memory) of limited capacity (typically only a few thousand bits, whereas constraints relating to security encourage the use of ever longer data word, in particular secret keys, typically 1024 or 2048 bits long).